Lucene search

25036 matches found

CVE
added 2026/03/12 3:36 p.m.

CVE-2019-25520

CVE-2019-25520 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. The administrative login in admingiris.php is vulnerable to authentication bypass via improper SQL query validation, enabling unauthenticated attackers to bypass login and access the admin interface. Attackers can submit SQL inject...

CVSS 9.8, AI score 5.8, EPSS 0.00432
Exploits 1, References 2, Affected software 1
Snyk
added 2026/03/12 2:23 p.m.

Cross-site Scripting (XSS)

Overview: ha-mcp is a Home Assistant MCP Server (complete control of Home Assistant through MCP). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the OAuth consent form rendering process. An attacker can execute arbitrary JavaScript in the server operator's browser b...

CVSS 7.6, AI score 5.8, EPSS 0.00181
Exploits 0, References 2
Github Security Blog
added 2026/03/12 2:23 p.m.

ha-mcp has XSS via Unescaped HTML in OAuth Consent Form

Summary: The ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects...

CVSS 6.8, AI score 5.8, EPSS 0.00181
Exploits 0, References 3, Affected software 1
OSV
added 2026/03/12 2:23 p.m.

GHSA-PF93-J98V-25PV ha-mcp has XSS via Unescaped HTML in OAuth Consent Form

Summary: The ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects...

CVSS 6.8, AI score 5.9, EPSS 0.00181
Exploits 0, References 3
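The XSS entries above (the Snyk item and GHSA-PF93-J98V-25PV) describe one defect: request-controlled parameters interpolated into the consent-form HTML without escaping. The following example is added for this page and is not ha-mcp's code; it shows the vulnerable shape beside the escaped one on a constructed template. The field names (client_name, redirect_uri, state), the form layout and the payloads are assumptions.

```python
import html

# Constructed consent-form template; the fields and layout are assumptions for this
# example, not ha-mcp's real template or handler.
_TEMPLATE = (
    '<form method="post" action="/oauth/authorize">\n'
    '  <p>Allow <b>{client_name}</b> to control Home Assistant?</p>\n'
    '  <input type="hidden" name="redirect_uri" value="{redirect_uri}">\n'
    '  <input type="hidden" name="state" value="{state}">\n'
    '  <button type="submit">Allow</button>\n'
    '</form>'
)


def render_consent_unsafe(client_name: str, redirect_uri: str, state: str) -> str:
    """The vulnerable shape: request-controlled strings land in the markup as-is.
    str.format over a constant template behaves exactly like the f-strings the
    advisory describes; the problem is the missing escape, not the formatting call."""
    return _TEMPLATE.format(client_name=client_name, redirect_uri=redirect_uri, state=state)


def render_consent_safe(client_name: str, redirect_uri: str, state: str) -> str:
    """Same template, every value escaped for HTML. quote=True also converts " and ',
    which is what stops a value inside value="..." from closing the attribute and
    opening a new tag; without it the text node would be safe but the attributes not."""
    esc = lambda s: html.escape(s, quote=True)
    return _TEMPLATE.format(
        client_name=esc(client_name),
        redirect_uri=esc(redirect_uri),
        state=esc(state),
    )


def reflects_payload(rendered: str, payload: str) -> bool:
    """True when the payload survives verbatim, i.e. a browser would parse it as markup."""
    return payload in rendered


# Constructed payloads: one for the text-node context, one that breaks out of an attribute.
TEXT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '"><img src=x onerror=alert(1)>'


def demo() -> dict:
    """Render both variants with the payloads and report which one reflects them."""
    unsafe = render_consent_unsafe(TEXT_PAYLOAD, "https://client.example/cb", ATTR_PAYLOAD)
    safe = render_consent_safe(TEXT_PAYLOAD, "https://client.example/cb", ATTR_PAYLOAD)
    return {
        "unsafe_reflects_text": reflects_payload(unsafe, TEXT_PAYLOAD),
        "unsafe_reflects_attr": reflects_payload(unsafe, ATTR_PAYLOAD),
        "safe_reflects_text": reflects_payload(safe, TEXT_PAYLOAD),
        "safe_reflects_attr": reflects_payload(safe, ATTR_PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
```

html.escape with quote=True is the right tool for text nodes and quoted attribute values only; it does not make a value safe inside a script block or as a URL, so redirect_uri should also be compared exactly against the client's registered redirect URIs before the form is rendered at all.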
Snyk
added 2026/03/12 2:23 p.m.

Server-side Request Forgery (SSRF)

Overview: ha-mcp is a Home Assistant MCP Server (complete control of Home Assistant through MCP). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the ha_url parameter in the OAuth consent form and forged tokens in REST and WebSocket tool calls. An attacker ca...

CVSS 6.9, AI score 5.8, EPSS 0.00278
Exploits 0, References 2
EUVD
added 2026/03/12 2:23 p.m.

EUVD-2026-11383

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle...

CVSS 5.3, AI score 5.8, EPSS 0.00278
Exploits 0, References 2
Github Security Blog
added 2026/03/12 2:23 p.m.

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary: The ha-mcp OAuth consent form beta feature accepts a user-supplied ha_url and makes a server-side HTTP request to <ha_url>/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

CVSS 5.3, AI score 6, EPSS 0.00278
Exploits 0, References 3, Affected software 1
OSV
added 2026/03/12 2:23 p.m.

GHSA-FMFG-9G7C-3VQ7 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary: The ha-mcp OAuth consent form beta feature accepts a user-supplied ha_url and makes a server-side HTTP request to <ha_url>/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

CVSS 5.3, AI score 6, EPSS 0.00278
Exploits 0, References 3
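The SSRF and error-oracle entries above (the Snyk SSRF item, EUVD-2026-11383 and GHSA-FMFG-9G7C-3VQ7) come down to one design decision: the consent form took a user-supplied ha_url and fetched /api/config from it. The usual "block private address ranges" filter is a poor fit for this product, because a Home Assistant instance legitimately lives on the LAN, so the example below instead accepts only operator-configured origins and collapses every failure into one message so the response cannot be used as a reachability oracle. This is an added example for this page, not ha-mcp's code; the allow list, the function names and the fetch stand-ins are constructed.

```python
from urllib.parse import urlsplit

# Operator-configured Home Assistant origins (constructed for this example; in a real
# deployment this comes from server configuration, never from the request).
ALLOWED_HA_ORIGINS = {"http://homeassistant.local:8123", "https://ha.example.com"}

# One message for every failure, so "connection refused", "timed out" and
# "URL rejected" are indistinguishable to the caller.
UNIFORM_ERROR = "Could not reach the configured Home Assistant instance."


def normalize_origin(url: str):
    """Return 'scheme://host:port' for an http(s) URL, or None if it must be rejected.

    Userinfo is rejected because http://homeassistant.local:8123@169.254.169.254/
    parses with hostname 169.254.169.254; non-http schemes and bad ports are
    rejected; the default port is made explicit so https://ha.example.com and
    https://ha.example.com:443/ compare equal.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for non-numeric or out-of-range ports
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower().rstrip(".")
    return f"{parts.scheme}://{host}:{port}"


_ALLOWED = {normalize_origin(o) for o in ALLOWED_HA_ORIGINS}


def config_url(ha_url: str):
    """The only URL the server will fetch for a given ha_url, or None if not permitted."""
    origin = normalize_origin(ha_url)
    if origin is None or origin not in _ALLOWED:
        return None
    return origin + "/api/config"


def fetch_config(ha_url: str, fetch) -> dict:
    """fetch(url) stands in for an HTTP client call with a short timeout (constructed).
    A rejected URL and every transport failure map to the same response; the real
    cause belongs in the server log, not in the reply."""
    url = config_url(ha_url)
    if url is None:
        return {"ok": False, "error": UNIFORM_ERROR}
    try:
        return {"ok": True, "config": fetch(url)}
    except Exception:
        return {"ok": False, "error": UNIFORM_ERROR}


# Constructed fetch stand-ins so the example runs offline.
def fetch_ok(url: str) -> dict:
    return {"version": "2026.3.0", "location_name": "Home"}


def fetch_refused(url: str):
    raise ConnectionRefusedError(url)


def fetch_timeout(url: str):
    raise TimeoutError(url)


if __name__ == "__main__":
    print(fetch_config("http://homeassistant.local:8123", fetch_ok))
    print(fetch_config("http://169.254.169.254/latest/meta-data/", fetch_ok))
```

An allow list of origins still resolves the hostname at request time, so a deployment that cares about DNS rebinding should pin the configured instance by address or rely on TLS certificate verification for the https origin; the uniform error is what removes the oracle regardless.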
EUVD
added 2026/03/12 2:19 p.m.

EUVD-2026-11323

Tornado is vulnerable to DoS due to too many multipart parts...

CVSS 8.7, AI score 5.8, EPSS 0.00375
Exploits 0, References 4
SUSE CVE
added 2026/03/12 2:03 p.m.

SUSE CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100 MB). Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVSS 7.5, AI score 5.8, EPSS 0.00375
Exploits 0, References 37
OSV
added 2026/03/12 1:58 p.m.

CLSA-2026-1773323876 go-rpm-macros: Fix of CVE-2025-61726

Rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE:
- CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing...

CVSS 7.5, AI score 7.1, EPSS 0.00761
Exploits 0, References 1
OSV
added 2026/03/12 11:28 a.m.

CLSA-2026-1773314910 git-lfs: Fix of 3 CVEs

Rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs:
- CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing
- CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys...

CVSS 10, AI score 7.1, EPSS 0.00765
Exploits 3, References 1
RedHat Linux
added 2026/03/12 11:03 a.m.

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5, AI score 5.8, EPSS 0.00761
Exploits 0, References 8
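The Tornado entries (EUVD-2026-11323, SUSE CVE-2026-31958) and the Go net/url entries (CLSA-2026-1773323876, CLSA-2026-1773314910 and the Red Hat net/url item) are the same failure class: a parser whose only bound is total body or URL size, so a request packed with tiny parts or parameters forces per-item parsing and allocation far out of proportion to its byte count. The example below is added for this page and is not Tornado's or Go's code; it is a small multipart/form-data splitter and query-string parser that check a count budget at each delimiter before doing any per-item work. The 100-part and 1000-parameter defaults, the boundary and the sample bodies are constructed.

```python
import re
from urllib.parse import unquote_plus


class TooManyParts(ValueError):
    """Raised as soon as a request exceeds the configured part or parameter budget."""


_NAME = re.compile(rb'form-data;.*?\bname="([^"]*)"', re.S)


def parse_multipart(body: bytes, boundary: bytes, max_parts: int = 100):
    """Split a multipart/form-data body into (field name, data) pairs.

    The budget is checked at every opening delimiter, before that part's headers
    are parsed or its data sliced, so a body carrying 100,000 empty parts fails at
    the 101st delimiter instead of after 100,000 header parses and list appends.
    """
    delim = b"--" + boundary
    parts = []
    pos = body.find(delim)
    if pos < 0:
        raise ValueError("boundary not found in body")
    while True:
        pos += len(delim)
        if body.startswith(b"--", pos):
            return parts  # closing delimiter reached
        if len(parts) >= max_parts:
            raise TooManyParts(f"more than {max_parts} parts")
        if not body.startswith(b"\r\n", pos):
            raise ValueError("malformed delimiter line")
        pos += 2
        end = body.find(delim, pos)
        if end < 0:
            raise ValueError("unterminated part")
        headers, sep, data = body[pos:end].partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part without a header block")
        match = _NAME.search(headers)
        if match is None:
            raise ValueError("part without a form-data name")
        if data.endswith(b"\r\n"):
            data = data[:-2]  # the CRLF that precedes the next delimiter
        parts.append((match.group(1).decode("utf-8", "replace"), data))
        pos = end


def parse_query(qs: str, max_params: int = 1000) -> dict:
    """Query-string counterpart of the same check, for the net/url class of bug:
    bound the number of pairs before they are decoded and stored in the dict."""
    out: dict = {}
    count = 0
    for pair in qs.split("&"):
        if not pair:
            continue
        count += 1
        if count > max_params:
            raise TooManyParts(f"more than {max_params} query parameters")
        key, _, value = pair.partition("=")
        out.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return out


def build_body(fields, boundary: bytes) -> bytes:
    """Build a multipart/form-data body; used here to construct sample requests."""
    out = bytearray()
    for name, value in fields:
        out += b"--" + boundary + b"\r\n"
        out += b'Content-Disposition: form-data; name="' + name.encode() + b'"\r\n\r\n'
        out += value + b"\r\n"
    out += b"--" + boundary + b"--\r\n"
    return bytes(out)


if __name__ == "__main__":
    flood = build_body([(f"f{i}", b"x") for i in range(5000)], b"XyZ")
    print(len(flood), "bytes")
    try:
        parse_multipart(flood, b"XyZ")
    except TooManyParts as exc:
        print("rejected:", exc)
```

Note that a reverse-proxy request-size limit is not a substitute for this check: a few hundred kilobytes is enough for tens of thousands of parts, which is why the Tornado advisory points at the part count rather than max_body_size, and why the fix is to upgrade rather than to shrink the body limit.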
Patchstack
added 2026/03/12 7:32 a.m.

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Youssef Elouaer in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 2.0.1...

CVSS 7.2, AI score 5.8, EPSS 0.00241
Exploits 0, References 1, Affected software 1
Patchstack
added 2026/03/12 7:26 a.m.

WordPress Gravity Forms plugin <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability discovered by hoshino in WordPress Plugin Gravity Forms versions <= 2.9.28...

CVSS 6.4, AI score 5.8, EPSS 0.00203
Exploits 0, References 1, Affected software 1
NCSC
added 2026/03/12 7:12 a.m.

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23 and earlier. The vulnerability is in the way input in form fields is sanitized. This allows attackers to insert malicious JavaScript code. When other users open the affected content, the injected scripts are executed in...

CVSS 5.4, AI score 5.8, EPSS 0.00205
Exploits 0, References 1
Patchstack
added 2026/03/12 7:09 a.m.

WordPress My Sticky Bar plugin <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability

Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability discovered by Dimas Maulana in WordPress Plugin My Sticky Bar versions <= 2.8.6...

CVSS 7.5, AI score 5.8, EPSS 0.00338
Exploits 0, References 1, Affected software 1
EUVD
added 2026/03/12 6:31 a.m.

EUVD-2026-11521

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

CVSS 9, AI score 6.3, EPSS 0.00715
Exploits 1, References 6
EUVD
added 2026/03/12 3:31 a.m.

EUVD-2026-11511

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu_contact_lead_form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5, AI score 5.8, EPSS 0.00338
Exploits 0, References 7
NVD
added 2026/03/12 3:15 a.m.

CVE-2026-3657

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu_contact_lead_form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5, EPSS 0.00338
Exploits 0, References 6
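The My Sticky Bar entries (the Patchstack item, EUVD-2026-11511, CVE-2026-3657) describe an injection that parameter binding does not stop: the handler passed attacker-chosen POST parameter names to $wpdb->insert as column identifiers. Identifiers cannot be bound, so the only defence is an allow list of expected field names. The example below is added for this page and is not the plugin's PHP; it reproduces the shape in Python against an in-memory SQLite table (the leads table, its columns, the function names and the attack payload are constructed) and shows what an injected key can do even though every value is bound.

```python
import sqlite3

# Constructed leads table and allow list; the column names are assumptions, not the plugin's.
ALLOWED_COLUMNS = {"name", "email", "phone", "message"}


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE leads (id INTEGER PRIMARY KEY, name TEXT, email TEXT, phone TEXT, message TEXT)"
    )
    return conn


def insert_lead_unsafe(conn: sqlite3.Connection, post: dict) -> None:
    """The vulnerable shape: values are bound with placeholders, but the column list is
    built from the request's parameter *names*, which the attacker also controls.
    Binding protects values only; identifiers cannot be bound."""
    cols = ", ".join(post.keys())
    marks = ", ".join("?" for _ in post)
    conn.execute(f"INSERT INTO leads ({cols}) VALUES ({marks})", list(post.values()))
    conn.commit()


def insert_lead_safe(conn: sqlite3.Connection, post: dict) -> None:
    """Identifiers are checked against a fixed allow list and double-quoted; unknown keys
    are rejected rather than silently dropped, so probing shows up as errors in the log."""
    unknown = set(post) - ALLOWED_COLUMNS
    if unknown:
        raise ValueError(f"unexpected field(s): {sorted(unknown)}")
    cols = ", ".join(f'"{c}"' for c in post)  # every c is a known-safe identifier here
    marks = ", ".join("?" for _ in post)
    conn.execute(f"INSERT INTO leads ({cols}) VALUES ({marks})", [post[c] for c in post])
    conn.commit()


def lead_email(conn: sqlite3.Connection, name: str):
    row = conn.execute("SELECT email FROM leads WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


# Constructed attack: the second *key* closes the column list and turns the statement into
# INSERT ... SELECT, so the stored e-mail becomes the bound value plus a schema dump that the
# attacker can read back from their own "lead". The two '?' keep the placeholder count equal
# to the number of bound values; the trailing comment swallows the original VALUES clause.
INJECTED_KEY = "email) SELECT ?, ? || (SELECT group_concat(sql, ';') FROM sqlite_master) --"
ATTACK_POST = {"name": "Mallory", INJECTED_KEY: "mallory@example.test"}


def demo() -> str:
    """Run the attack against the unsafe handler and return what the lead's e-mail now holds."""
    conn = make_db()
    insert_lead_unsafe(conn, ATTACK_POST)
    return lead_email(conn, "Mallory")


if __name__ == "__main__":
    print(demo())
```

The same rule applies to the $data array handed to $wpdb->insert() in the plugin's setting: build it from a fixed list of expected field names, never from the keys of $_POST, because $wpdb only prepares the values.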